A Quick Guide to Help You Understand and Create a User Behavior Rule With SureLog SIEM - 1
Most of the time, user behavior rules are not configurable, and SIEM user guides contain notices like “If you edit those rules, they might not work as expected.”
This “Quick Guide” was created to help you develop a user behavior rule and then edit, configure and modify such rules.
For this first quick guide, a very simple user behavior rule was selected: “Executive Only Asset Accessed by Non-Executive User”.
We will implement this rule with SureLog SIEM. The order of the rules (steps) is important and is managed by SureLog's “Rule Priority” parameter.
Step 1: Update lists
- Executive Only Assets
- Executive Users
Step 2: Check whether the asset is executive-only and the user is not an executive.
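
The two steps above as a minimal Python sketch, showing why the list update has to run before the check. This is an added example, not SureLog's rule syntax or code; the event fields, the list keys and the convention that a lower priority number runs first are assumptions, and the events are constructed.

```python
def norm(value):
    # Strip a DOMAIN\ prefix and compare case-insensitively.
    return value.split("\\")[-1].strip().lower()

def update_lists(event, lists, alerts):
    """Step 1: maintain the Executive Only Assets and Executive Users lists."""
    if event["type"] == "list_add" and event["list"] in lists:
        lists[event["list"]].add(norm(event["value"]))

def check_access(event, lists, alerts):
    """Step 2: executive-only asset accessed by a user who is not an executive."""
    if event["type"] != "access":
        return
    user, asset = norm(event["user"]), norm(event["asset"])
    if asset in lists["executive_only_assets"] and user not in lists["executive_users"]:
        alerts.append((event["time"], user, asset))

# (priority, rule) pairs; lower number runs first (assumed convention).
RULES = [(2, check_access), (1, update_lists)]

def run(events, rules=RULES):
    lists = {"executive_only_assets": set(), "executive_users": set()}
    alerts = []
    # Each rule processes the whole batch before the next priority starts.
    for _, rule in sorted(rules, key=lambda r: r[0]):
        for event in events:
            rule(event, lists, alerts)
    return alerts

# Constructed sample events.
SAMPLE_EVENTS = [
    {"time": "09:00", "type": "list_add", "list": "executive_only_assets", "value": "FIN-BOARD-01"},
    {"time": "09:00", "type": "list_add", "list": "executive_users", "value": "CORP\\ceo"},
    {"time": "09:05", "type": "access", "user": "corp\\CEO", "asset": "fin-board-01"},
    {"time": "09:07", "type": "access", "user": "CORP\\jdoe", "asset": "FIN-BOARD-01"},
    {"time": "09:09", "type": "access", "user": "CORP\\jdoe", "asset": "WEB-01"},
]

if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print("ALERT", alert)
    # With the priorities swapped, the check runs against empty lists.
    print("swapped order:", run(SAMPLE_EVENTS, [(1, check_access), (2, update_lists)]))
```

With the priorities swapped, the check runs before either list is populated and the 09:07 access goes undetected.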
Rule development is quick and easy, so you can get started in minutes.